Updated data models for download/upload, delete and login
This commit is contained in:
parent
7e5a8a2603
commit
ebe10f80ba
@ -1,5 +1,5 @@
|
||||
def dataTemplate(transactionType,**kwargs):
|
||||
general = {
|
||||
uploadDownload = {
|
||||
"bytes" : kwargs.get('bytes_out'),
|
||||
"dst_endpoint": {
|
||||
"port": kwargs.get('dst_endpoint_port'),
|
||||
@ -114,12 +114,14 @@ def dataTemplate(transactionType,**kwargs):
|
||||
},
|
||||
"utype": kwargs.get('utype')
|
||||
}
|
||||
if transactionType == "FileUploaded":
|
||||
template = general
|
||||
if transactionType == "FileDownloaded":
|
||||
template = general
|
||||
if transactionType == "FileDeleted":
|
||||
|
||||
if transactionType == "file_uploaded":
|
||||
template = uploadDownload
|
||||
if transactionType == "file_downloaded":
|
||||
template = uploadDownload
|
||||
if transactionType == "file_deleted":
|
||||
template = fileDeleted
|
||||
if transactionType == "Logon":
|
||||
if transactionType == "user_logged_on":
|
||||
template = logon
|
||||
|
||||
return template
|
||||
@ -1,36 +1,68 @@
|
||||
def processData(data, template, **kwargs):
|
||||
|
||||
processedData = []
|
||||
transactionLoginid = []
|
||||
|
||||
for row in data:
|
||||
print(f'Row: {row}')
|
||||
# print(f'Row: {row}')
|
||||
if row.get('Command') == None:
|
||||
continue
|
||||
|
||||
processedData.append(template(identifyUtype(row.get('Command')),\
|
||||
status_detail=row.get(''),\
|
||||
status_code=row.get('ResultID'),\
|
||||
file_size=row.get('FileSize'),\
|
||||
file_path=row.get('PhysicalFolderName'),\
|
||||
file_virtual_path=row.get('VirtualFolderName'),\
|
||||
file_name=row.get('FileName'),\
|
||||
guid=row.get('TransactionGUID'),\
|
||||
ref_id=row.get('ProtocolCommandID'),\
|
||||
prd_instance_id=kwargs.get('prd_instance_id'),\
|
||||
product_guid=kwargs.get('product_guid'),\
|
||||
product_name=kwargs.get('product_name'),\
|
||||
product_version=kwargs.get('product_version'),\
|
||||
node_name=row.get('NodeName'),\
|
||||
src_endpoint_port=row.get('RemotePort'),\
|
||||
src_endpoint_ip=row.get('RemoteIP'),\
|
||||
dst_endpoint_port=row.get('LocalPort'),\
|
||||
dst_endpoint_ip=row.get('LocalIP'),\
|
||||
dst_endpoint_type=row.get('Protocol'),\
|
||||
session_uid=row.get('TransactionID'),\
|
||||
bytes_out=row.get('BytesTransferred'),\
|
||||
transfer_time=row.get('TransferTime'),\
|
||||
time=row.get('Time_stamp'),\
|
||||
user_type=identifyUserType(row.get('user_type')),\
|
||||
user_domain=row.get('SiteName'),\
|
||||
user_name=row.get('Actor'),\
|
||||
utype=identifyUtype(row.get('Command'))))
|
||||
prd_ext_tenant_id='',\
|
||||
status_code=row.get('ResultID'),\
|
||||
file_size=row.get('FileSize'),\
|
||||
file_path=row.get('PhysicalFolderName'),\
|
||||
file_virtual_path=row.get('VirtualFolderName'),\
|
||||
file_name=row.get('FileName'),\
|
||||
guid=row.get('TransactionGUID'),\
|
||||
ref_id=row.get('ProtocolCommandID'),\
|
||||
prd_instance_id=kwargs.get('prd_instance_id'),\
|
||||
product_guid=kwargs.get('product_guid'),\
|
||||
product_name=kwargs.get('product_name'),\
|
||||
product_version=kwargs.get('product_version'),\
|
||||
node_name=row.get('NodeName'),\
|
||||
src_endpoint_type=row.get('Protocol'),\
|
||||
src_endpoint_port=row.get('RemotePort'),\
|
||||
src_endpoint_ip=row.get('RemoteIP'),\
|
||||
dst_endpoint_port=row.get('LocalPort'),\
|
||||
dst_endpoint_ip=row.get('LocalIP'),\
|
||||
dst_endpoint_type=row.get('Protocol'),\
|
||||
session_uid=row.get('TransactionID'),\
|
||||
bytes_out=row.get('BytesTransferred'),\
|
||||
duration=row.get('TransferTime'),\
|
||||
time=row.get('Time_stamp'),\
|
||||
user_type=identifyUserType(row.get('user_type')),\
|
||||
user_domain=row.get('SiteName'),\
|
||||
user_name=row.get('Actor'),\
|
||||
user_home_directory=row.get('VirtualFolderName'),\
|
||||
utype=identifyUtype(row.get('Command'))))
|
||||
|
||||
if row.get('TransactionGUID') not in transactionLoginid:
|
||||
processedData.append(template(identifyUtype(row.get('TransactionObject')),\
|
||||
guid=row.get('TransactionGUID'),\
|
||||
prd_instance_id=kwargs.get('prd_instance_id'),\
|
||||
product_guid=kwargs.get('product_guid'),\
|
||||
product_name=kwargs.get('product_name'),\
|
||||
product_version=kwargs.get('product_version'),\
|
||||
src_endpoint_type=row.get('Protocol'),\
|
||||
src_endpoint_port=row.get('RemotePort'),\
|
||||
src_endpoint_ip=row.get('RemoteIP'),\
|
||||
dst_endpoint_port=row.get('LocalPort'),\
|
||||
dst_endpoint_ip=row.get('LocalIP'),\
|
||||
dst_endpoint_type=row.get('Protocol'),\
|
||||
session_uid=row.get('TransactionID'),\
|
||||
bytes_out=row.get('BytesTransferred'),\
|
||||
transfer_time=row.get('TransferTime'),\
|
||||
time=row.get('Time_stamp'),\
|
||||
user_type=identifyUserType(row.get('user_type')),\
|
||||
user_domain=row.get('SiteName'),\
|
||||
user_name=row.get('Actor'),\
|
||||
user_home_directory=row.get('VirtualFolderName'),\
|
||||
utype=identifyUtype(row.get('TransactionObject'))\
|
||||
))
|
||||
transactionLoginid.append(row.get('TransactionGUID'))
|
||||
|
||||
return processedData
|
||||
|
||||
def identifyUserType(obj):
|
||||
@ -42,7 +74,7 @@ def identifyUserType(obj):
|
||||
else:
|
||||
return None
|
||||
def identifyUtype(obj):
|
||||
user_logged_on = []
|
||||
user_logged_on = ['AUTH']
|
||||
file_deleted = ["dele"]
|
||||
file_uploaded = ["created"]
|
||||
file_downloaded = ["sent"]
|
||||
|
||||
5
test.py
5
test.py
@ -15,4 +15,7 @@ def builddict(keys,*args,**kwargs):
|
||||
dict[key] = kwargs.get(key)
|
||||
print(dict)
|
||||
|
||||
a = builddict(["bytes","duration","dst_endpoint"],bytes=2490,duration=200,dst_enpoint={"port": 1,"ip": 1,"type":1})
|
||||
testfolder = '/Usr/a/asdf/asf'
|
||||
user = 'a'
|
||||
|
||||
print(testfolder.split(f"/{user}/"))
|
||||
Loading…
Reference in New Issue
Block a user